As many have noticed, Apple has released their new lineup of laptops, software, OSes, and iPhones. As I watched live coverage of the keynotes on Monday (thanks Gizmodo) – a few things caught my attention when they were speaking about the new iPhone 3G S. The first thing that caught my eye was the mention of “hardware encryption.” Now, simply mentioning that a device supports hardware encryption can mean a lot of things, and Apple isn’t very clear about what they mean by this. Trying to do some further research didn’t help much either as I only ended up being further confused with all the different mentions of this “hardware encryption.” The official word from Apple is… iPhone 3G S[…]

Much like most virtual hacks, some clever people create a very sophisticated tool and a bunch of amateurs (or crime syndicates) use them to commit fraud. Hardware hacks, like this ATM skimmer are generally more difficult to obtain, expensive, and can’t be copied and shared as easily as a computer program. ATM skimmers like those shown in the video require a camera set up to see you PIN as you enter it. Aside from the obvious advice or not using and ATMs with wires or protruding panels, they recommend shielding the number pad as you enter in your PIN code. I’d add going inside of a bank to withdraw cash when at all possible, but now a days most debit[…]

You may have been reading about the latest advancements in quantum cryptography over the past week. Claims that the technology is unbreakable are unfounded however, if not in least for these theoretical reasons. Quantum Cryptography Will Be Broken With Quantum Technology – Current computing technology uses methodical means to encrypt and decrypt data. Quantum physics doesn’t work sequentially or even follow the laws of classical physics. The first quantum hack will be done with quantum technology. The Human Factor – I always like to think about the “gun to head” method of cracking security. Put a gun to the right person’s head and they’ll tell you whatever you want. Quantum cryptography can be cracked by blackmailing, intimidating, and threatening the[…]

Mark Kahn found out the hard way that even “small” sites will press charges when he hacked into Six Flags’ computer systems. He used a bad form on Six Flags’ job site to submit lots of bogus job applications containing threatening messages. While his stunt did not result in the loss of data, it did annoy some people enough to press charges. What I want to know now, is how well amusement parks’ externally facing websites are separated from the really important computer systems – those that belong to the rides/roller coasters. I’m speculating here, because I ride coasters a *lot*, and the newer systems are controlled by general purpose computer systems – I’ve seen the Millennium Force at Cedar[…]

This is really bad and scary news. The F.B.I. Says the Military Had Bogus Computer Gear. [T]he… sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the F.B.I. and the Pentagon. The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components. Cisco routers are everywhere. According to Cisco’s web[…]

A group of researchers from two universities have proposed a way to prevent chip piracy. The technique uses public key cryptography to lock down circuitry. In a whitepaper published this month, Jarrod A. Roy and Igor L. Markov (of the University of Michigan) and Farinaz Koushanfar (of Rice University) outline the problem and details of how their proposed technology will help solve the increasing piracy of chip designs. Markov will present the group’s proposal at the Design Automation and Test in Europe conference, to be held in Germany on March 13, 2008. It’s a very technical read, but still interesting to see the diversity that public key cryptography can be used for.